CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-7178

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1920%
EPSS Percentile17.27th
Published2014年11月28日
Last Modified2026年5月6日

Vulnerability Description

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

Affected Platforms (CPE)

📦
Enalean

Tuleap

<= 7.5.99.5

References & Advisories

🔗 http://seclists.org/fulldisclosure/2014/Oct/121
🔗 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178/
🔗 https://www.tuleap.org/recent-vulnerabilities
🔗 http://seclists.org/fulldisclosure/2014/Oct/121
🔗 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178/
🔗 https://www.tuleap.org/recent-vulnerabilities

関連する脆弱性情報

CVE-2018-172989.8

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.

CVE-2018-75389.8

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows atta...

CVE-2018-76348.8

An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible ...

CVE-2017-74118.8

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() m...